<?
require_once("include/bittorrent.php");
dbconn();

if (!mkglobal("username:password"))
	die();

$res = query("SELECT id, passhash, secret, enabled, status FROM users WHERE username = " . sqlesc($username));
$row = mysql_fetch_array($res);

if (!$row)
	error("Username incorrect");


If ($row["status"] == "pending")
	error("You haven't confirmed the account yet.");

if ($row["passhash"] != md5($row["secret"] . $password . $row["secret"]))
	error("Password incorrect.");

if ($row["enabled"] == "no")
	error("This account has been disabled.");

logincookie($row["id"], $row["passhash"]);

if (!empty($_POST["returnto"]))
	header("Location: $SITEURL$_POST[returnto]");
else
	header("Location: $SITEURL/my.php");

?>